The report says the malware is disguised in fake versions of secure messaging apps like Signal and WhatsApp - and able to steal text messages - including two-factor authentication codes - and other data from targets’ mobile devices.

Here's one of the report's eye-popping announcements:

By piecing together a target’s text messages, browsing history, call logs, and location data, Dark Caracal could gain an intimate look into the person’s life. The group also used Windows malware to collect screenshots and files from desktop computers. By sending out phishing messages on Facebook and WhatsApp, Dark Caracal was able to direct its victims to install apps containing its malware.

This is outrageous stuff. They can basically activate your device at anytime, all the time. They can capture everything on it.

Do you feel the "Techlash" alarms vibrating? Best Defense: Don't open or download any email attachments.